PatchSiren

CVE-2023-6255 Utarit Information Technologies CVE debrief

CVE-2023-6255 is a high-severity hard-coded credentials issue in Utarit SoliPay Mobile App affecting versions before 5.0.8. The published NVD record maps the issue to a confidentiality-only attack path, and the available advisory material indicates sensitive strings may be readable within the executable. Because the flaw can be reached without privileges or user interaction, organizations should prioritize upgrading to a fixed release and verifying whether any embedded secrets were exposed or reused elsewhere.

Vendor: Utarit Information Technologies
Product: SoliPay Mobile App
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-15
Original CVE updated: 2026-05-20
Advisory published: 2024-02-15
Advisory updated: 2026-05-20

Who should care

Security teams, mobile application owners, and operations teams responsible for SoliPay Mobile App deployments should care. Incident response and identity/access management teams should also review whether any credentials, tokens, or backend secrets were embedded in affected builds or reused across systems.

Technical summary

NVD scores the issue at CVSS 3.1 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating remote, unauthenticated exposure focused on confidentiality. The vulnerability is associated with hard-coded credentials in SoliPay Mobile App before version 5.0.8. The advisory material also references CWE-798 and notes the potential to read sensitive strings within an executable. No integrity or availability impact is indicated in the supplied sources.

Defensive priority

High. The combination of unauthenticated remote exposure and high confidentiality impact makes this a priority patching and secret-rotation issue, especially if the mobile build included backend credentials or tokens.

Recommended defensive actions

  • Upgrade SoliPay Mobile App to version 5.0.8 or later.
  • Inventory any credentials, API keys, tokens, or other secrets that may have been embedded in affected app builds.
  • Rotate or revoke exposed secrets and replace them with environment-managed or server-side credentials.
  • Review backend logs, authentication events, and token use for signs of unauthorized access tied to the affected app versions.
  • Check whether any reused credentials or shared secrets exist across other applications or services.
  • Validate that future mobile releases do not contain hard-coded secrets and that build/release checks scan for embedded credentials.
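
The last action above, a build/release check for embedded credentials, can be as simple as the following added example (not code from the vendor, NVD, or the USOM advisory). It treats an app package as a zip archive, pulls printable strings out of every entry the way strings(1) would, and fails the pipeline when a rule matches. The rule set, file names, and sample values are assumptions constructed for illustration.

```python
import io
import re
import sys
import zipfile

# Illustrative rules (assumptions for this example, not taken from the advisory).
RULES = {
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "basic_auth_url": re.compile(rb"https?://[^\s/:@]+:[^\s/@]+@[\w.-]+"),
    "assigned_secret": re.compile(
        rb'(?i)(?:passw(?:or)?d|secret|api[_-]?key|token)["\']?\s*[:=]\s*["\']?[\w.+/=-]{8,}'),
}
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # same idea as strings(1)

def scan_package(data: bytes):
    """Return sorted (entry, rule, hint) findings for an APK/IPA-style zip archive."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            for run in PRINTABLE_RUN.findall(pkg.read(info)):
                for rule, rx in RULES.items():
                    m = rx.search(run)
                    if m:
                        # Keep only a short prefix so CI logs do not repeat the secret.
                        hint = m.group(0)[:8].decode("ascii") + "..."
                        findings.add((info.filename, rule, hint))
    return sorted(findings)

def gate(data: bytes) -> int:
    """Exit status for a release pipeline: 1 blocks the build, 0 lets it through."""
    return 1 if scan_package(data) else 0

def build_sample_package(with_secrets: bool = True) -> bytes:
    """Constructed sample laid out like an app package; every value is fake."""
    dex = b'api_key="EXAMPLE-NOT-A-REAL-KEY-0001"' if with_secrets else b"nothing sensitive"
    lib = b"https://svc_user:Examp1ePassw0rd@backend.example.invalid/v1" if with_secrets else b"libapp"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00\x01\x02" + dex + b"\x00\xff")
        z.writestr("lib/arm64-v8a/libapp.so", b"\x7fELF\x02\x01" + lib + b"\x00")
        z.writestr("res/values/strings.xml", b'<string name="app_name">Sample</string>')
    return buf.getvalue()

if __name__ == "__main__":
    # With no argument, scan the constructed sample; otherwise scan the given package file.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_package()
    for entry, rule, hint in scan_package(blob):
        print(f"{entry}: {rule}: {hint}")
    sys.exit(gate(blob))
```

A match here means the value should be treated as already exposed and rotated, since removing it from the next build does not recall the builds that shipped with it.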

Evidence notes

This debrief is based on the supplied NVD record and the linked USOM advisory. The CVE description states that SoliPay Mobile App before 5.0.8 is affected by use of hard-coded credentials and that sensitive strings may be readable within an executable. NVD lists the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and the referenced advisory material includes CWE-798.

Official resources

Published by the CVE program on 2024-02-15; later modified in the official record on 2026-05-20. The supplied sources do not include a KEV listing.